AUD specialized-audit coverage for employee benefit plans, ERISA requirements, plan procedures, and reporting.
This chapter focuses on employee benefit plan audits, a specialized area with its own regulatory and reporting implications. The key is to understand the plan environment well enough to identify the procedures, compliance concerns, and disclosures that make these audits different.
EBP audit questions often start with plan structure and regulatory context. The auditor must understand participant data, plan investments, contributions, distributions, service organizations, and ERISA reporting expectations before choosing procedures or report wording.
| Plan audit issue | What to decide first | Common AUD trap |
|---|---|---|
| Plan type | Whether the plan is defined contribution, defined benefit, or another arrangement. | Applying one benefit-plan procedure set to every plan. |
| DOL and ERISA rules | Which regulatory reporting and audit requirements apply. | Treating EBP audits as ordinary financial statement audits. |
| Plan procedures | Which risks involve participant data, investments, contributions, benefits, or service providers. | Testing only financial statement totals without plan-specific assertions. |
| Reporting and disclosure | Whether plan-specific reporting, supplemental schedules, or disclosure issues affect the report. | Missing disclosure requirements unique to the plan environment. |
| Step | AUD question to ask | Audit implication |
|---|---|---|
| 1. Identify the plan type | Is the engagement for a defined contribution plan, defined benefit plan, health plan, or other arrangement? | Plan structure determines the relevant risks, records, and reporting requirements. |
| 2. Understand regulatory context | Which ERISA, DOL, filing, or plan-document requirements apply? | EBP audits include compliance and reporting expectations beyond ordinary audit assertions. |
| 3. Map participant and plan data | What data supports eligibility, contributions, benefit payments, vesting, and allocations? | Participant-level data often drives audit evidence and error risk. |
| 4. Evaluate investments and service providers | What investment valuation, custodial, trustee, payroll, or recordkeeper evidence is needed? | Service organizations can affect both evidence quality and control reliance. |
| 5. Tie findings to report and schedules | Do exceptions affect disclosures, supplemental schedules, report wording, or regulatory filing? | EBP audit conclusions must connect procedure results to plan-specific reporting. |
| Checkpoint | Ask before selecting procedures | Audit effect |
|---|---|---|
| Plan structure | Is the plan defined contribution, defined benefit, health and welfare, or another arrangement? | Plan type determines the relevant risks and reporting requirements. |
| Regulatory requirement | Which ERISA, DOL, filing, plan-document, or supplemental schedule obligation applies? | EBP audits include compliance context beyond ordinary audit assertions. |
| Participant data | What records support eligibility, contributions, allocations, vesting, benefit payments, and forfeitures? | Participant-level data often drives material audit evidence. |
| Service provider evidence | Which custodian, trustee, payroll, investment, or recordkeeper controls and reports affect reliance? | Service organizations can create both evidence and control-risk issues. |
| Reporting consequence | Do exceptions affect disclosures, schedules, prohibited transactions, or report wording? | EBP findings must be tied to plan-specific reporting consequences. |